Information Security
Cyber
● Before there was cyberpunk or cybersecurity,
there was cybernetics.
● In the late 1940s, cybernetics arose as the study
of control systems and communications between
people and machines
Cyber Space
● A widespread interconnected digital
technology
● It refers to the online world as a world 'apart',
as distinct from everyday reality
Cyber Security
● Cyber Security is the process of applying security
measures to ensure confidentiality, integrity, and
availability of data.
● Cyber Security attempts to assure the protection
of assets, which includes data, desktop, servers,
buildings and most importantly, humans.
Data
● In general, data is any set of characters that has
been gathered and translated for some purpose,
usually analysis.
● It can be any character, including text and
numbers, pictures, sound, or video.
● Raw data describes the facts and figures that a
company processes every day.
Data classification
● Data classification is one of the most important
steps in data security.
● Not all data is created equal, and few businesses
have the time or resources to provide maximum
protection to all their data.
● That’s why it’s important to classify your data
based on how sensitive or valuable it is
Data classification
● Common data classifications include
○ Highly Confidential
○ Sensitive
○ Internal Use Only
○ Public
Highly Confidential
● This classification applies to the most sensitive
business information that is intended strictly for
use within your company.
● Its unauthorized disclosure could seriously and
adversely impact your company, business
partners, vendors and/or customers in the short
and long term.
● It could include credit-card transaction data,
customer names and addresses, card magnetic
stripe contents, passwords and PINs, employee
payroll files, etc.
Sensitive
● This classification applies to sensitive business
information that is intended for use within your
company, and information that you would
consider to be private should be included in this
classification.
● Examples include employee performance
evaluations, internal audit reports, various
financial reports, product designs, partnership
agreements, marketing plans and email
marketing lists.
Internal Use Only
● This classification applies to sensitive information
that is generally accessible by a wide audience
and is intended for use only within your
company.
● While its unauthorized disclosure to outsiders
should be against policy and may be harmful, the
unlawful disclosure of the information is not
expected to impact your company, employees,
business partners, vendors and the like.
Public
● Basically any information that requires
no special protection or rules for use
CIA
● Confidentiality, Integrity, Availability
● A model designed to guide policies for
information security within an
organization
● Considered the three most crucial
components of security
Confidentiality
● Equivalent to privacy
● A set of rules that limits access to
information
● Designed to prevent sensitive
information from reaching the
wrong people, while making sure that
the right people can in fact get it
● e.g. Data Encryption, User ID &
Password, Two-Factor Authentication,
Biometric lock system
Integrity
● It involves maintaining the
consistency, accuracy, and
trustworthiness of data over its entire
life cycle
● Data must not be changed in transit,
and steps must be taken to ensure
that data cannot be altered by
unauthorized people
● e.g. File Permissions, Access Control,
Checksums
Availability
● A guarantee of reliable access to the
information by authorized people
whenever required
● Best ensured by maintaining all
hardware, performing hardware
repairs immediately when needed and
maintaining a correctly functioning
operating system environment
● e.g. Load Balancing, Back-up Servers
AAA
● Concept relating to the people who
use that information
○ Authentication
○ Authorization
○ Non-repudiation
Authentication
● Authentication is the process of identifying the
person before they access the system.
● It allows the user to access system information
only if the authentication check has passed.
● Apart from a username and password combination,
authentication can be implemented in other ways,
such as a secret question and answer, an OTP
(One Time Password) over SMS, biometric
authentication, or token-based authentication
such as an RSA SecurID token.
Authorization
● Once authentication has passed,
authorization comes into the picture to
limit the user to the permissions set
for that user.
● Authorization is generally
implemented through access control
lists, user roles or user groups, which
define the permissions and
restrictions for a specific user group,
or by granting and revoking privileges
for individual users.
Access Control
● Access control is the selective
restriction of access to some kind of
resource (a folder, a file, and a
device).
● There are different types of
approaches to access control.
○ DAC
○ MAC
○ RBAC
○ MLS
DAC
● Discretionary Access Control
● Every user can decide who can, with
which permission, read/write his/her
files.
MAC
● Mandatory Access Control
● The administrator decides the security
policy and all the files in the system
will comply
RBAC
● Role Based Access Control
● The permissions are not granted per
user, but according to the role
● This allows big organizations to assign
permission to roles and roles to users,
making it easier to create, modify or
delete users.
MLS
● Multi Level Security
● Each user has a trust level and each item has
a confidentiality level.
● The administrator is still the one who is in
charge of creating the security policy, as in
MAC systems, but the system will ensure that
each user only sees the items whose
confidentiality level is allowed to that user,
based on the system configuration and the
user's trust level.
Non-Repudiation/Accountability
● Tracking who is accessing the systems and
which of the requests were denied along with
additional details like the Timestamp and the IP
address from where the requests came from.
● It also means a confirmation sent by the receiver to
the sender that the requested services or information
were successfully received, in the form of a digital
confirmation, e.g. digital certificates. This not only
serves as an acknowledgement but also helps to validate
that both sender and receiver are genuine.
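The RBAC, MLS and accountability slides above can be combined into one authorization check. The following is an added example, not part of the original slides: it uses the deck's four data classifications as confidentiality levels, while the role names, permissions, users and IP addresses are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import IntEnum


class Level(IntEnum):
    """The deck's four data classifications, least to most sensitive."""
    PUBLIC = 0
    INTERNAL_USE_ONLY = 1
    SENSITIVE = 2
    HIGHLY_CONFIDENTIAL = 3


# RBAC: permissions hang off roles, and users only hold roles.
# Role and permission names are hypothetical.
ROLE_PERMISSIONS = {
    "hr_analyst": {"reviews:read"},
    "hr_manager": {"reviews:read", "reviews:write", "payroll:read"},
    "marketing": {"plans:read", "plans:write"},
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    clearance: Level  # MLS trust level, set by the administrator


@dataclass(frozen=True)
class Resource:
    name: str
    kind: str  # permission namespace, e.g. "payroll"
    classification: Level  # MLS confidentiality level


AUDIT_LOG = []  # accountability trail: one record per decision, allowed or denied


def authorize(user, resource, action, source_ip, when=None):
    """Default deny: a role must grant the action AND clearance must cover the level."""
    needed = f"{resource.kind}:{action}"
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user.roles))
    if needed not in granted:
        allowed, reason = False, f"rbac: no role grants {needed}"
    elif user.clearance < resource.classification:
        allowed, reason = False, "mls: clearance below classification"
    else:
        allowed, reason = True, "ok"
    # Record who asked, from where, when, and what was decided.
    AUDIT_LOG.append({
        "time": (when or datetime.now(timezone.utc)).isoformat(),
        "user": user.name, "ip": source_ip,
        "resource": resource.name, "action": action,
        "allowed": allowed, "reason": reason,
    })
    return allowed


def visible(user, resources):
    """MLS view filter: the user only sees items at or below their trust level."""
    return [r.name for r in resources if r.classification <= user.clearance]


def denied_requests(log):
    """Pull the denied requests out of the audit trail for review."""
    return [(e["user"], e["resource"], e["reason"]) for e in log if not e["allowed"]]


# Constructed sample data (hypothetical users and resources).
ALICE = User("alice", frozenset({"hr_manager"}), Level.HIGHLY_CONFIDENTIAL)
BOB = User("bob", frozenset({"hr_analyst"}), Level.SENSITIVE)
CAROL = User("carol", frozenset({"hr_manager"}), Level.INTERNAL_USE_ONLY)

PAYROLL = Resource("payroll_file", "payroll", Level.HIGHLY_CONFIDENTIAL)
REVIEW = Resource("performance_review", "reviews", Level.SENSITIVE)
PLAN = Resource("marketing_plan", "plans", Level.SENSITIVE)
PRESS = Resource("press_release", "plans", Level.PUBLIC)
RESOURCES = [PAYROLL, REVIEW, PLAN, PRESS]


def demo():
    for user in (ALICE, BOB, CAROL):
        ok = authorize(user, PAYROLL, "read", "192.0.2.10")
        print(user.name, "payroll read:", ok, "| sees:", visible(user, RESOURCES))
    print("denied:", denied_requests(AUDIT_LOG))


if __name__ == "__main__":
    demo()
```

Carol holds the same role as Alice but is still denied the payroll file, because the role grants the action while her trust level does not cover the file's classification.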
Cyber Crimes
● Cybercrime is a crime that involves a computer and a network.
● The computer may have been used in the commission of a crime,
or it may be the target or it may be the tool.
Types of Cyber Crime
● Hacking
● Denial of Service Attack
● Identity Theft
● Malware Dissemination
● Computer Vandalism
● Cyber Terrorism
● Online Fraud
● Software Piracy
● Forgery
● Phishing
● Spam
● Spoofing
● Defamation
Hacking
● A commonly used hacking definition is the act of compromising
digital devices and networks through unauthorized access to an
account or computer system. Hacking is not always a malicious
act, but it is most commonly associated with illegal activity and
data theft by cyber criminals.
● Hacking refers to the misuse of devices like computers,
smartphones, tablets, and networks to cause damage to or corrupt
systems, gather information on users, steal data and documents,
or disrupt data-related activity.
Denial of Service Attack
● A Denial-of-Service (DoS) attack is an attack meant to shut
down a machine or network, making it inaccessible to its intended
users.
● DoS attacks accomplish this by flooding the target with traffic, or
sending it information that triggers a crash.
Identity Theft
● It is the use by one person of another person's personal
information, without authorization, to commit a crime or to deceive
or defraud that other person or a third person.
● Where personal information is stolen and used.
Malware Dissemination
● Malware (short for “malicious software”) is a file or code, typically
delivered over a network, that infects, explores, steals or conducts
virtually any behavior an attacker wants.
● Malware, or malicious software, is any program or file that is
intentionally harmful to a computer, network or server.
● Types of malware include computer viruses, worms, Trojan
horses, ransomware and spyware. These malicious programs
steal, encrypt and delete sensitive data; alter or hijack core
computing functions and monitor end users' computer activity.
Cyber Vandalism
● Computer Vandalism is a type of process in which a program has
the ability to perform malicious tasks such as getting someone’s
passwords or important data.
● This can even include the removal of user data or deleting one's
hard drive.
Cyber Terrorism
● Cyber terrorism is a type of attack in which a person uses the
Internet to commit violent acts which may result in loss of life,
harm to a person or threats to life.
● The main objective is to gain political advantage through the use
of threats.
Online Fraud
● Online fraud in cyber security includes online scams, spam,
identity theft, a scammer buying products online from your
account without your knowledge, identity spoofing, scam pop-up
alerts, chain letter scams, etc.
Software Piracy
● Software piracy is the illegal copying, installation, use,
distribution, or sale of software in any way other than that
expressed in the license agreement.
● The software industry is facing huge financial losses due to the
piracy of software.
● Piracy of software is performed by end-users as well as by the
dealers.
Forgery
● The term forgery usually describes a message related attack
against a cryptographic digital signature scheme.
● That is an attack trying to fabricate a digital signature for a
message without having access to the respective signer's private
signing key.
Phishing
● Phishing works by sending messages that look like they are
from a legitimate company or website.
● Phishing messages will usually contain a link that takes the user
to a fake website that looks like the real thing.
● The user is then asked to enter personal information, such as their
credit card number.
Spam
● Spam is any kind of unwanted, unsolicited digital
communication that gets sent out in bulk.
● Often spam is sent via email, but it can also be distributed via text
messages, phone calls, or social media.
Spoofing
● Spoofing is the act of disguising a communication from an
unknown source as being from a known, trusted source.
● Spoofing happens when cybercriminals use deception to
appear as another person or source of information.
● Spoofing can apply to emails, phone calls, and websites, or can
be more technical, such as a computer spoofing an IP address,
Address Resolution Protocol (ARP), or Domain Name System
(DNS) server.
Defamation
● Any deliberate, false communication—spoken or written—on any
online platform, or any publication of a false statement—that can
damage an individual’s reputation, diminish their self-respect,
undermine their dignity, undermine their confidence, or harm their
character in the public or social sphere is known as Defamation.
● Injuring the reputation of a person on the internet by using
social media, email, etc.
Types of Malware
● Viruses
● Spyware
● Adware
● Ransomware
● Keylogger
● Botnet
● Backdoor
● Downloader
● Launcher
● Rootkit
● Scareware
● Spamware
Viruses
● Created to relentlessly self-replicate
● It infects programs and files. The malicious activities may be
targeted at destroying valuable data or causing irreparable
damage
Backdoor
● Malicious code that installs itself onto a computer to allow the
attacker access.
● Backdoors usually let the attacker connect to the computer with
little or no authentication and execute commands on the local
system.
Downloader
● Malicious code that exists only to download other malicious
code.
● Downloaders are commonly installed by attackers when they
first gain access to a system.
● The downloader program will download and install additional
malicious code.
Launcher
● Malicious program used to launch other malicious programs.
● Usually, launchers use nontraditional techniques to launch other
malicious programs in order to ensure stealth or greater access to
a system.
Rootkit
● Malicious code designed to conceal the existence of other code.
● Rootkits are usually paired with other malware, such as a
backdoor, to allow remote access to the attacker and make the
code difficult for the victim to detect.
Spyware
● The software is created to spy on the victim.
● It is secretly implanted on the computing device by the hacker.
● The spyware gathers information and sends it to the hacker.
Adware
● The malicious program is devised to pop-up unwanted
advertisements on the victim’s computer without their permission.
● The pop-ups are uncontrollable and tend to behave erratically.
Scareware
● Malware designed to frighten an infected user into buying
something.
● It usually has a user interface that makes it look like an antivirus or
other security program.
● It informs users that there is malicious code on their system and
that the only way to get rid of it is to buy their “software,” when in
reality, the software it’s selling does nothing more than remove the
scareware.
Spamware
● Malware that infects a user’s machine and then uses that machine
to send spam.
● This malware generates income for attackers by allowing them to
sell spam-sending services.
Ransomware
● Ransomware blocks the user from accessing files or
programs and demands payment of a ransom through certain
online payment methods for its removal.
● Once the amount is paid the user can resume using their system.
Key-Logger
● Tools designed to record every keystroke on the affected machine
for later retrieval
● It stores data about every key the user presses on the
keyboard.
● It is a very commonly used method to get usernames and passwords
from a legitimate user.
Botnet
● The cybercriminal blocks a user's actions and takes full control of the
system.
● The hacker creates a network of malware-infected computers
which functions as a bot.
● The botnet is used to transmit malware, send spam emails, and
execute other malicious tasks.
Types of Possible Attacks
● Denial-of-Service
● 0-Day
● Brute Force
● Advanced Persistent Threat
● Automated Exploitation Tools
Types of Possible Attacks
● ISP Intercept
● Supply Chain Attack
● Social Engineering
Cyber Criminals
● Script Kiddies
● Motivated Individuals
● Highly Capable Groups
● Organized Hackers
● Intelligence Agencies/Services
Script Kiddies
● A relatively unskilled individual who uses scripts or programs,
such as a web shell, developed by others to attack computer
systems and networks and deface websites
Motivated individuals
● This includes multiple kinds of attackers, such as small-scale
industrial espionage, rogue or malicious employees, or
disaffected customers.
● They act alone
Highly Capable Groups
● These groups often refer to themselves as hacktivists and are not
typically commercially funded, but can pose a serious threat to
service providers and cloud operators.
● Many groups of hackers have organized themselves lately, such
as Lulzsec and Anonymous.
Organized Hackers
● These are groups of hackers who are usually highly capable.
● These groups are financially driven and able to fund in-house
exploit development and target research.
● Multiple groups fall in this category, from the Russian Business
Network to the various organized groups that undertake industrial
espionage.
Intelligence Agencies
● They usually have capabilities greater than any other attacker,
because they can bend rules without breaking them and can be
authorized to violate rules.
● Intelligence agencies and other governmental players are
comparable to organized hackers, but usually have far more
money they can spend on those operations, making them more
effective.
E-mail Spoofing
● Email spoofing is a trick that spammers and identity thieves use to baffle and deceive
people. The concept is that if an email seems to originate from a recognized sender,
the target of the phishing mail will be more likely to fall for the deception.
● Email security must remain a main concern for every business. Here are tips on
protecting yourself against email spoofing:
○ Check the salutation first
○ Watch for grammar mistakes
○ Check the links in the email
○ Be wary of claims that an email has come from a reliable source
○ Forward spoofed emails to the FTC
Cyber Defamation
● Cyber defamation refers to libel or slander that is expressed
online, typically via a publicly accessible website.
Cyber Defamation
● Who does Defamation
○ Social media news channels
■ A new marketplace has emerged where public shaming is a
commodity and shame is an industry. Nowadays, money is
made on the clicks, the more shame the more clicks and
the more advertising revenue.
Cyber Defamation
● Who does Defamation
○ Disgruntled employee
■ Sends derogatory, defamatory, vulgar and abusive emails to
the company’s superiors or management.
○ Ex-friend / Ex-spouse
■ Obscene messages are sent to friends/ family or even on
porn sites.
Cyber Defamation
● Who does Defamation
○ Political rivalry
■ Defaming rival party with false content and false context.
○ Religious rivalry
■ Trying to manipulate perceptions and creating false
propaganda.
Free Speech vs Defamation
● Freedom of Expression and Speech, as provided under Article 19
(1) (a) in our Constitution, provides that all citizens shall have the
right to freedom of expression and speech. However, such freedom
is subject to reasonable restrictions.
● The protection of the reputation of the other person falls within the
ambit of reasonable restriction and any comment or remark which
hampers the reputation of another person will invite liability under
the law of defamation.
Law against Defamation
● Section 499 of IPC
○ Says that whoever, by words either spoken or intended to be
read, or by signs or by visible representations, makes or
publishes any imputation concerning any person intending to
harm, or knowing or having reason to believe that such
imputation will harm the reputation of such person.
Law against Defamation
● Section 469 of IPC
○ Says that whoever commits forgery, intending that the document
or electronic record forged shall harm the reputation of any
party, or knowing that it is likely to be used for that purpose shall
be punished.
Law against Defamation
● Section 503 of IPC
○ Says that whoever threatens another with any injury to a person,
reputation or property, or to the person or reputation of anyone in
whom that person is interested, with intent to cause alarm to that
person, or to cause that person to do any act which he is not
legally bound to do, or to omit to do any act which that person is
legally entitled to do, as the means of avoiding the execution of
such threats, commits criminal intimidation.
Internet Time Theft
● It refers to the theft in a manner where the unauthorized person
uses internet hours paid by another person.
Salami Attack
● A “salami attack” is a form of cyber crime usually used for the
purpose of committing financial crimes in which criminals steal
money or resources a bit at a time from financial accounts on a
system.
● A salami attack is when small attacks add up to one major attack.
● These attacks often go undetected due to the nature of this type of
cyber crime.
Forms of Salami Attack
● Salami Slicing
● Penny Shaving
Salami Slicing
● Salami slicing is when the attacker uses an online database to
seize the information of customers, that is bank/credit card details.
● The attacker deducts minuscule amounts from every account over
a period of time.
● These amounts naturally add up to large sums of money that are
unnoticeably taken from the collective accounts.
● Most people do not report the deduction, often letting it go
because of the amount involved.
Penny Shaving
● Penny shaving is the fraudulent practice of stealing money
repeatedly in extremely small quantities.
● It works by taking advantage of rounding to the nearest cent (or
other monetary unit) in financial transactions.
● The idea is to make the change small enough that any single
transaction will go undetected.
Case Study 1 – Salami Attack
● In California, between November and March of 2008, Michael
Largent, a 21-year-old, wrote a program which allowed him to take
advantage of the practice of challenge deposits, which companies
like Google, E*Trade, Charles Schwab, and other companies use
to validate a client's bank account.
Case Study 1 – Salami Attack
● The program set up more than 58,000 user accounts, which
resulted in challenge transactions of between $0.01 and $2.00
being sent to accounts belonging to Largent; the funds, amounting to
somewhere between $40,000 and $50,000, were then transferred
into other accounts belonging to Largent.
● An important element of Largent’s fraud is that his program
created accounts using fraudulent names and social security
numbers which under 18 U.S.C.
Case Study 2 – Salami Attack
● In Pune, city-based senior High Court lawyer Amit Kumar
Bhowmik lost Rs 180 after getting three calls from an unknown
number during August 2013.
● He had received three blank calls on his mobile phone from an
unknown number (+9126530000300).
● When he checked his billing account with Airtel online, he realised
he was charged Rs 60 for each call.
Case Study 2 – Salami Attack
● Annoyed with the repeated badgering, Bhowmik lodged a
complaint with the Cyber Crime Cell of the Pune police crime
branch.
● The Cyber Crime Cell has not yet been able to trace the location
or identify the user of the phone, as the privacy policies of mobile
companies have been a hurdle in tracking down the offenders.
● Victims hardly ever approach the Cyber Crime Cell, so racketeers
consider this method a safe way to make big money.
Prevention
● Banks have to update their security so that the attacker doesn’t
familiarize himself/herself with the way the framework is
designed.
● Banks should advise customers to report any kind of money
deduction that they were not aware of.
● Customers should ideally not store information online when it
comes to bank details.
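On the bank's side, both forms of salami attack described above leave traces that can be checked for. The following is an added example, not part of the original slides: it reconciles credited amounts against the rounding policy (penny shaving) and flags accounts fed by tiny credits from many distinct sources (salami slicing). The round-half-even policy, the thresholds, the account ids and the sample ledger are all assumptions constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")


def reconcile_rounding(postings, rounding=ROUND_HALF_EVEN):
    """Compare each credited amount with the exact amount rounded by policy.

    postings: iterable of (account, exact_amount, credited_amount).
    Returns (discrepancies, total_shortfall); each discrepancy is
    (account, expected, credited).
    """
    discrepancies = []
    shortfall = Decimal("0")
    for account, exact, credited in postings:
        expected = exact.quantize(CENT, rounding=rounding)
        if credited != expected:
            discrepancies.append((account, expected, credited))
            shortfall += expected - credited
    return discrepancies, shortfall


def micro_credit_sinks(transfers, max_amount=Decimal("0.05"), min_sources=3):
    """Flag destination accounts fed by small credits from many distinct sources.

    transfers: iterable of (source, destination, amount).
    Returns {destination: {"sources": n, "total": Decimal}}.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)
    for src, dst, amount in transfers:
        if amount <= max_amount:  # only sub-threshold amounts are of interest
            sources[dst].add(src)
            totals[dst] += amount
    return {
        dst: {"sources": len(srcs), "total": totals[dst]}
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources
    }


# Constructed ledger: exact interest due vs. what was actually credited.
POSTINGS = [
    ("ACC-1001", Decimal("12.3456"), Decimal("12.34")),  # policy gives 12.35
    ("ACC-1002", Decimal("7.8912"), Decimal("7.89")),
    ("ACC-1003", Decimal("3.0071"), Decimal("3.00")),    # policy gives 3.01
    ("ACC-1004", Decimal("45.6789"), Decimal("45.67")),  # policy gives 45.68
    ("ACC-1005", Decimal("0.4449"), Decimal("0.44")),
]

# Constructed transfers observed in the same period.
TRANSFERS = [
    ("ACC-1001", "ACC-9001", Decimal("0.01")),
    ("ACC-1003", "ACC-9001", Decimal("0.01")),
    ("ACC-1004", "ACC-9001", Decimal("0.01")),
    ("ACC-1002", "ACC-2000", Decimal("0.02")),    # single small credit, not a pattern
    ("ACC-1005", "ACC-9001", Decimal("250.00")),  # above threshold, ignored here
]


def run_checks():
    """Run both checks and tie them together: does a sink total match the shortfall?"""
    discrepancies, shortfall = reconcile_rounding(POSTINGS)
    sinks = micro_credit_sinks(TRANSFERS)
    matching = [dst for dst, info in sinks.items() if info["total"] == shortfall]
    return discrepancies, shortfall, sinks, matching


if __name__ == "__main__":
    discrepancies, shortfall, sinks, matching = run_checks()
    for account, expected, credited in discrepancies:
        print(f"{account}: expected {expected}, credited {credited}")
    print("total shortfall:", shortfall)
    print("micro-credit sinks:", sinks)
    print("sinks matching the shortfall:", matching)
```

No single posting is off by more than a cent, which is why per-transaction review misses it; the aggregate shortfall and the concentration of credits on one account are what stand out.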
Laws against Salami Attacks
● Anyone found guilty of a salami attack is liable for punishment
under Section 66 of the IT Act.
● Any unauthorized person who secures or attempts to secure
access to a protected system is liable to be punished with
imprisonment, which may extend to 10 years and may also be
liable to fine.
● This is an offence under Section 70 of the IT Act, 2000.
Industrial Spying/Espionage
● A covert and sometimes illegal practice of investigating
competitors to gain business advantage.
● The target of an investigation might be a trade secret, such as a
proprietary product specification or formula, or information about
business plans.
Industrial Spying/Espionage
● An industrial spy may be an insider threat, such as an individual
who has gained employment with the company for the purpose of
spying or a disgruntled employee who trades information for
personal gain or revenge.
● Spies may also infiltrate through social engineering tactics, for
example, by tricking an employee into divulging privileged
information.
Industrial Spying/Espionage
● Spies sometimes physically breach the target organization and
investigate the premises.
● In that case, they might search wastebaskets or copy files or hard
drives of unattended computers.
● Industrial espionage is most often found in technology-focused
companies, in part because of the considerable expense of
technology research and development (R&D).
Types of Industrial Espionage
● IP Theft
● Property Trespass
● Hiring Away Employees
● Wiretapping or eavesdropping
● Cyber attacks and malware
IP Theft
● This type of espionage comes in many different forms.
● For example,
○ it can be a theft of engineering designs from an automobile or
aerospace company;
○ a formula for a new drug from a pharmaceutical company
○ a recipe from a food and beverage or vitamin supplement
company
Property Trespass
● Breaking into physical premises or files to obtain company
information is another form of industrial espionage.
● A surprising number of critical corporate assets are still in
physical form and may be obtained by insider employees or by
outsiders who gain access to the premises.
Hiring Away Employees
● Competitors frequently try to hire away employees from
companies to gain access to information the employees have
acquired on the job.
● Most of the time, the knowledge employees obtain on the job is
part of the trade and is legitimately transferrable, but there also
are times when employees leave with valuable trade secrets and
formulas in their heads that they can put to work for their new
companies.
Wiretapping or Eavesdropping
● Those desiring information from a company can set up portable
devices that listen in or record certain conversations, such as a
confidential board meeting.
● In some cases, this wiretapping may be legal and authorized, but
in others, it is illegal listening for the purpose of economic or
strategic gain.
Cyber attacks and malware
● Whether it is through a distributed denial-of-service attack or an
infusion of malware that corrupts a company's network, companies,
governments and organizations also seek to disrupt each other by
sabotaging daily operations and disabling their ability to work.
Industrial espionage vs competitive
intelligence
● Industrial espionage is distinct from competitive intelligence, which
is confined to the gathering of publicly available information.
● When organizations, companies and governments gather
competitive information on each other, they research websites,
publications, patent filings, articles and any other publicly available
information that can tell them more about the organization they
are researching. This type of espionage is open to anyone and is
perfectly legal.

Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 

Último (20)

ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 

Information Security

  • 2. Cyber ● Before there was cyberpunk or cybersecurity, there was cybernetics. ● In the late 1940s, cybernetics arose as the study of control systems and communications between people and machines
  • 3. Cyber Space ● A widespread interconnected digital technology ● It refers to the online world as a world 'apart', as distinct from everyday reality
  • 4. Cyber Security ● Cyber Security is the process of applying security measures to ensure confidentiality, integrity, and availability of data. ● Cyber Security attempts to assure the protection of assets, which include data, desktops, servers, buildings and, most importantly, humans.
  • 5. Data ● In general, data is any set of characters that has been gathered and translated for some purpose, usually analysis. ● It can be any character, including text and numbers, pictures, sound, or video. ● Raw data describes the facts and figures that a company processes every day.
  • 6. Data classification ● Data classification is one of the most important steps in data security. ● Not all data is created equal, and few businesses have the time or resources to provide maximum protection to all their data. ● That’s why it’s important to classify your data based on how sensitive or valuable it is
  • 7. Data classification ● Common data classifications include ○ Highly Confidential ○ Sensitive ○ Internal Use Only ○ Public
  • 8. Highly Confidential ● This classification applies to the most sensitive business information that is intended strictly for use within your company. ● Its unauthorized disclosure could seriously and adversely impact your company, business partners, vendors and/or customers in the short and long term. ● It could include credit-card transaction data, customer names and addresses, card magnetic stripe contents, passwords and PINs, employee payroll files, etc.
  • 9. Sensitive ● This classification applies to sensitive business information that is intended for use within your company, and information that you would consider to be private should be included in this classification. ● Examples include employee performance evaluations, internal audit reports, various financial reports, product designs, partnership agreements, marketing plans and email marketing lists.
  • 10. Internal Use Only ● This classification applies to sensitive information that is generally accessible by a wide audience and is intended for use only within your company. ● While its unauthorized disclosure to outsiders should be against policy and may be harmful, the unlawful disclosure of the information is not expected to impact your company, employees, business partners, vendors and the like.
  • 11. Public ● Basically any information that requires no special protection or rules for use
  • 12. CIA ● Confidentiality, Integrity, Availability ● A model designed to guide policies for information security within an organization ● Considered the three most crucial components of security
  • 13. Confidentiality ● Equivalent to privacy ● A set of rules that limits access to information ● Designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it ● e.g. Data Encryption, User ID & Password, Two-Factor Authentication, Biometric lock system
  • 14. Integrity ● It involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle ● Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people ● e.g. File Permissions, Access Control, Checksums
  • 15. Availability ● A guarantee of reliable access to the information by authorized people whenever required ● Best ensured by maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment ● e.g. Load Balancing, Back-up Servers
  • 16. AAA ● Concept relating to the people who use that information ○ Authentication ○ Authorization ○ Non-repudiation
  • 17. Authentication ● Authentication is the process of identifying a person before they access the system. ● It allows the user to access system information only if the authentication check has passed. ● Apart from a username and password combination, authentication can be implemented in different ways, such as a secret question and answer, an OTP (One Time Password) over SMS, biometric authentication, or token-based authentication like an RSA SecurID token.
  • 18. Authorization ● Once authentication has passed, authorization comes into the picture to limit the user to the permissions set for that user. ● Authorization is generally implemented with access control lists, user roles or user groups, which define the permissions and restrictions for a specific user group or grant and revoke privileges for individual users.
  • 19. Access Control ● Access control is the selective restriction of access to some kind of resource (a folder, a file, and a device). ● There are different types of approaches to access control. ○ DAC ○ MAC ○ RBAC ○ MLS
  • 20. DAC ● Discretionary Access Control ● Every user can decide who can, with which permission, read/write his/her files.
  • 21. MAC ● Mandatory Access Control ● The administrator decides the security policy and all the files in the system will comply
  • 22. RBAC ● Role Based Access Control ● The permissions are not granted per user, but according to the role ● This allows big organizations to assign permission to roles and roles to users, making it easier to create, modify or delete users.
  • 23. MLS ● Multi Level Security ● Each user has a trust level and each item has a confidentiality level. ● The administrator is still the one in charge of creating the security policy, as in MAC systems, but the system ensures that each user sees only the items whose confidentiality level is allowed to them, based on some system configuration and the user's trust level
  • 24. Non-Repudiation/Accountability ● Tracking who is accessing the systems and which requests were denied, along with additional details such as the timestamp and the IP address the requests came from. ● Means a confirmation, sent by the receiver to the sender, that the requested service or information was successfully received, in the form of a digital confirmation, e.g. Digital Certificates. This not only serves as an acknowledgement but also helps to validate that both sender and receiver are genuine.
  • 25. Cyber Crimes ● Cybercrime is a crime that involves a computer and a network. ● The computer may have been used in the commission of a crime, or it may be the target or it may be the tool.
  • 26. Types of Cyber Crime ● Hacking ● Denial of Service Attack ● Identity Theft ● Malware Dissemination ● Computer Vandalism ● Cyber Terrorism ● Online Fraud ● Software Piracy ● Forgery ● Phishing ● Spam ● Spoofing ● Defamation
  • 27. Hacking ● A commonly used hacking definition is the act of compromising digital devices and networks through unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft by cyber criminals. ● Hacking refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.
  • 28. Denial of Service Attack ● A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. ● DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
  • 29. Identity Theft ● It is the use by one person of another person's personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person. ● Where personal information is stolen and used.
  • 30. Malware Dissemination ● Malware (short for “malicious software”) is a file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker wants. ● Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server. ● Types of malware include computer viruses, worms, Trojan horses, ransomware and spyware. These malicious programs steal, encrypt and delete sensitive data; alter or hijack core computing functions and monitor end users' computer activity.
  • 31. Cyber Vandalism ● Computer Vandalism is a type of process in which a program has the ability to perform malicious tasks such as getting someone’s passwords or important data. ● This can even include the removal of user data or deleting one's hard drive.
  • 32. Cyber Terrorism ● Cyber terrorism is a type of attack in which a person uses the Internet to carry out violent acts which may result in loss of life, harm to a person or threats to life. ● The main objective is to gain political advantage through the use of threats.
  • 33. Online Fraud ● Online fraud in cyber security includes online scams, spam, identity theft, a scammer buying products online from your account without your knowledge, identity spoofing, scam pop-up alerts, chain letter scams, etc.
  • 34. Software Piracy ● Software piracy is the illegal copying, installation, use, distribution, or sale of software in any way other than as expressed in the license agreement. ● The software industry is facing huge financial losses due to the piracy of software. ● Piracy of software is performed by end-users as well as by dealers.
  • 35. Forgery ● The term forgery usually describes a message related attack against a cryptographic digital signature scheme. ● That is an attack trying to fabricate a digital signature for a message without having access to the respective signer's private signing key.
  • 36. Phishing ● Phishing works by sending messages that look like they are from a legitimate company or website. ● Phishing messages will usually contain a link that takes the user to a fake website that looks like the real thing. ● The user is then asked to enter personal information, such as their credit card number.
  • 37. Spam ● Spam is any kind of unwanted, unsolicited digital communication that gets sent out in bulk. ● Often spam is sent via email, but it can also be distributed via text messages, phone calls, or social media.
  • 38. Spoofing ● Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. ● Spoofing happens when cybercriminals use deception to appear as another person or source of information. ● Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
  • 39. Defamation ● Any deliberate, false communication, spoken or written, on any online platform, or any publication of a false statement that can damage an individual’s reputation, diminish their self-respect, undermine their dignity, undermine their confidence, or harm their character in the public or social sphere is known as Defamation. ● Injuring the reputation of a person on the internet by using social media, email, etc.
  • 40. Types of Malware ● Viruses ● Spyware ● Adware ● Ransomware ● Keylogger ● Botnet ● Backdoor ● Downloader ● Launcher ● Rootkit ● Scareware ● Spamware
  • 41. Viruses ● Created to relentlessly self-replicate ● It infects programs and files. The malicious activities may be targeted at destroying valuable data or causing irreparable damage
  • 42. Backdoor ● Malicious code that installs itself onto a computer to allow the attacker access. ● Backdoors usually let the attacker connect to the computer with little or no authentication and execute commands on the local system.
  • 43. Downloader ● Malicious code that exists only to download other malicious code. ● Downloaders are commonly installed by attackers when they first gain access to a system. ● The downloader program will download and install additional malicious code.
  • 44. Launcher ● Malicious program used to launch other malicious programs. ● Usually, launchers use nontraditional techniques to launch other malicious programs in order to ensure stealth or greater access to a system.
  • 45. Rootkit ● Malicious code designed to conceal the existence of other code. ● Rootkits are usually paired with other malware, such as a backdoor, to allow remote access to the attacker and make the code difficult for the victim to detect.
  • 46. Spyware ● The software is created to spy on the victim. ● It is secretly implanted on the computing device by the hacker. ● The spyware gathers information and sends it to the hacker.
  • 47. Adware ● The malicious program is devised to pop-up unwanted advertisements on the victim’s computer without their permission. ● The pop-ups are uncontrollable and tend to behave erratically.
  • 48. Scareware ● Malware designed to frighten an infected user into buying something. ● It usually has a user interface that makes it look like an antivirus or other security program. ● It informs users that there is malicious code on their system and that the only way to get rid of it is to buy their “software,” when in reality, the software it’s selling does nothing more than remove the scareware.
  • 49. Spamware ● Malware that infects a user’s machine and then uses that machine to send spam. ● This malware generates income for attackers by allowing them to sell spam-sending services.
  • 50. Ransomware ● Ransomware blocks the user from accessing files or programs and demands a ransom, paid through certain online payment methods, for its removal. ● Once the amount is paid the user can resume using their system.
  • 51. Key-Logger ● Tools designed to record every keystroke on the affected machine for later retrieval ● It stores data about each and every key the user presses on the keyboard. ● It is a very commonly used method to get usernames and passwords from a legitimate user.
  • 52. Botnet ● The cybercriminal blocks a user's actions and takes full control of the system. ● The hacker creates a network of malware-infected computers that function as bots. ● The botnet is used to transmit malware, send spam emails, and execute other malicious tasks.
  • 53. Types of Possible Attacks ● Denial-of-Service ● 0-Day ● Brute Force ● Advanced Persistent Threat ● Automated Exploitation Tools
  • 54. Types of Possible Attacks ● ISP Intercept ● Supply Chain Attack ● Social Engineering
  • 55. Cyber Criminals ● Script Kiddies ● Motivated Individuals ● Highly Capable Groups ● Organized Hackers ● Intelligence Agencies/Services
  • 56. Script Kiddies ● A relatively unskilled individual who uses scripts or programs, such as a web shell, developed by others to attack computer systems and networks and deface websites
  • 57. Motivated individuals ● This includes multiple kinds of attackers, such as small-scale industrial espionage, rogue or malicious employees, or disaffected customers. ● They act alone
  • 58. Highly Capable Groups ● These groups often refer to themselves as hacktivists and are not typically commercially funded, but can pose a serious threat to service providers and cloud operators. ● Many groups of hackers have organized themselves lately, such as LulzSec and Anonymous.
  • 59. Organized Hackers ● These are groups of hackers who are usually highly capable. ● These groups are financially driven and able to fund in-house exploit development and target research. ● Multiple groups fall in this category, from the Russian Business Network to the various organized groups that undertake industrial espionage.
  • 60. Intelligence Agencies ● They usually have capabilities greater than any other attacker, because they can bend rules without breaking them and can be authorized to violate rules. ● Intelligence agencies and other governmental players are comparable to organized hackers, but usually have far more money they can spend on those operations, making them more effective.
  • 61. E-mail Spoofing ● Email spoofing is a trick that spammers and identity thieves use to baffle and deceive people. The concept is that if an email seems to originate from a recognized sender, the target of the phishing mail will be more likely to fall for the deception. ● Email security must remain a main concern for every business. Here are tips on protecting yourself against email spoofing: ○ Check the salutation first ○ Watch for grammar mistakes ○ Check the links in the email ○ Be wary of claims that an email has come from a reliable source ○ Forward spoofed emails to the FTC
  • 62. Cyber Defamation ● Cyber defamation refers to libel or slander that is expressed online, typically via a publicly accessible website.
  • 63. Cyber Defamation ● Who does Defamation ○ Social media news channels ■ A new marketplace has emerged where public shaming is a commodity and shame is an industry. Nowadays, money is made on the clicks, the more shame the more clicks and the more advertising revenue.
  • 64. Cyber Defamation ● Who does Defamation ○ Disgruntled employee ■ Sends derogatory, defamatory, vulgar and abusive emails to the company’s superiors or management. ○ Ex-friend / Ex-spouse ■ Obscene messages are sent to friends/ family or even on porn sites.
  • 65. Cyber Defamation ● Who does Defamation ○ Political rivalry ■ Defaming rival party with false content and false context. ○ Religious rivalry ■ Trying to manipulate perceptions and creating false propaganda.
  • 66. Free Speech vs Defamation ● Freedom of Expression and Speech, as provided under Article 19 (1) (a) in our Constitution, provides that all citizens shall have the right to freedom of expression and speech. However, such freedom is subject to reasonable restrictions. ● The protection of the reputation of the other person falls within the ambit of reasonable restriction and any comment or remark which hampers the reputation of another person will invite liability under the law of defamation.
  • 67. Law against Defamation ● Section 499 of IPC ○ Says that whoever, by words either spoken or intended to be read, or by signs or by visible representations, makes or publishes any imputation concerning any person intending to harm, or knowing or having reason to believe that such imputation will harm the reputation of such person.
  • 68. Law against Defamation ● Section 469 of IPC ○ Says that whoever commits forgery, intending that the document or electronic record forged shall harm the reputation of any party, or knowing that it is likely to be used for that purpose shall be punished.
  • 69. Law against Defamation ● Section 503 of IPC ○ Says that whoever threatens another with any injury to a person, reputation or property, or to the person or reputation of anyone in whom that person is interested, with intent to cause alarm to that person, or to cause that person to do any act which he is not legally bound to do, or to omit to do any act which that person is legally entitled to do, as the means of avoiding the execution of such threats, commits criminal intimidation.
  • 70. Internet Time Theft ● It refers to the theft in a manner where the unauthorized person uses internet hours paid by another person.
  • 71. Salami Attack ● A “salami attack” is a form of cyber crime usually used for the purpose of committing financial crimes in which criminals steal money or resources a bit at a time from financial accounts on a system. ● A salami attack is when small attacks add up to one major attack. ● These attacks often go undetected due to the nature of this type of cyber crime.
  • 72. Forms of Salami Attack ● Salami Slicing ● Penny Shaving
  • 73. Salami Slicing ● Salami slicing is when the attacker uses an online database to seize customers' information, that is, bank/credit card details. ● The attacker deducts minuscule amounts from every account over a period of time. ● These amounts naturally add up to large sums of money that are taken unnoticed from the collective accounts. ● Most people do not report the deduction, often letting it go because of the amount involved.
  • 74. Penny Shaving ● Penny shaving is the fraudulent practice of stealing money repeatedly in extremely small quantities. ● By taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. ● The idea is to make the change small enough that any single transaction will go undetected.
  • 76. Case Study 1 – Salami Attack ● In California, between November and March of 2008, Michael Largent, a 21-year-old, wrote a program which allowed him to take advantage of the practice of challenge deposits, which companies like Google, E*Trade, Charles Schwab, and other companies use to validate a client's bank account.
  • 77. Case Study 1 – Salami Attack ● The program set up more than 58,000 user accounts, which resulted in challenge transactions of between $0.01 and $2.00 being sent to accounts belonging to Largent; the funds, amounting to somewhere between $40,000 and $50,000, were then transferred into other accounts belonging to Largent. ● An important element of Largent’s fraud is that his program created accounts using fraudulent names and social security numbers which under 18 U.S.C.
  • 78. Case Study 2 – Salami Attack ● In Pune, city-based senior High Court lawyer Amit Kumar Bhowmik lost Rs 180 after getting three calls from an unknown number during August 2013. ● He had received three blank calls on his mobile phone from an unknown number (+9126530000300). ● When he checked his billing account with Airtel online, he realised he was charged Rs 60 for each call.
  • 79. Case Study 2 – Salami Attack ● Annoyed with the repeated badgering, Bhowmik lodged a complaint with the Cyber Crime Cell of the Pune police crime branch. ● The Cyber Crime Cell has so far failed to trace the location or identify the user of the phone, as the privacy policies of mobile companies have been a hurdle in tracking down the offenders. ● Victims hardly ever approach the Cyber Crime Cell, so racketeers consider this method a safe way to make big money.
  • 80. Prevention ● Banks have to update their security so that the attacker doesn’t familiarize himself/herself with the way the framework is designed. ● Banks should advise customers on reporting any deduction of money that they do not recognize. ● Customers should ideally not store information online when it comes to bank details.
  • 81. Laws against Salami Attacks ● Anyone found guilty of a salami attack is liable for punishment under Section 66 of the IT Act. ● Any unauthorized person who secures or attempts to secure access to a protected system is liable to be punished with imprisonment, which may extend to 10 years, and may also be liable to a fine. ● This is an offence under Section 70 of the IT Act, 2000.
  • 82. Industrial Spying/Espionage ● A covert and sometimes illegal practice of investigating competitors to gain business advantage. ● The target of an investigation might be a trade secret, such as a proprietary product specification or formula, or information about business plans.
  • 83. Industrial Spying/Espionage ● An industrial spy may be an insider threat, such as an individual who has gained employment with the company for the purpose of spying or a disgruntled employee who trades information for personal gain or revenge. ● Spies may also infiltrate through social engineering tactics, for example, by tricking an employee into divulging privileged information.
  • 84. Industrial Spying/Espionage ● Spies sometimes physically breach the target organization and investigate the premises. ● In that case, they might search wastebaskets or copy files or hard drives of unattended computers. ● Industrial espionage is most often found in technology-focused companies, in part because of the considerable expense of technology research and development (R&D).
  • 85. Types of Industrial Espionage ● IP Theft ● Property Trespass ● Hiring Away Employees ● Wiretapping or eavesdropping ● Cyber attacks and malware
  • 86. IP Theft ● This type of espionage comes in many different forms. ● For example, it can be: ○ a theft of engineering designs from an automobile or aerospace company; ○ a formula for a new drug from a pharmaceutical company; ○ a recipe from a food and beverage or vitamin supplement company.
  • 87. Property Trespass ● Breaking into physical premises or files to obtain company information is another form of industrial espionage. ● A surprising number of critical corporate assets are still in physical form and may be obtained by insider employees or by outsiders who gain access to the premises.
  • 88. Hiring Away Employees ● Competitors frequently try to hire away employees from companies to gain access to information the employees have acquired on the job. ● Most of the time, the knowledge employees obtain on the job is part of the trade and is legitimately transferable, but there are also times when employees leave with valuable trade secrets and formulas in their heads that they can put to work for their new companies.
  • 89. Wiretapping or Eavesdropping ● Those desiring information from a company can set up portable devices that listen in or record certain conversations, such as a confidential board meeting. ● In some cases, this wiretapping may be legal and authorized, but in others, it is illegal listening for the purpose of economic or strategic gain.
  • 90. Cyber attacks and malware ● Whether it is through a distributed denial-of-service attack or an infusion of malware that corrupts a company's network, companies, governments and organizations also seek to disrupt each other by sabotaging daily operations and disabling their ability to work.
  • 91. Industrial espionage vs competitive intelligence ● Industrial espionage is distinct from competitive intelligence, which is confined to the gathering of publicly available information. ● When organizations, companies and governments gather competitive information on each other, they research websites, publications, patent filings, articles and any other publicly available information that can tell them more about the organization they are researching. This type of information gathering is open to anyone and is perfectly legal.